[ISN] FW: New NT Server bug

From: mea culpa (jerichoat_private)
Date: Thu Dec 03 1998 - 11:58:59 PST

  • Next message: mea culpa: "Re: [ISN] Worms Invade, To Network Operators' Dismay"

    Forwarded From: Liam Colvin <randomat_private>
    Originally From: Windows NT Security Mailing List
    Originally To: NTSECURITYat_private
    
    | Fernando asked...
    | >Does anyone know about this new NT server bug (as reported by PCWeek,
    | >http://www.zdnet.com/pcweek/stories/news/0,4153,374497,00.html)
    
    If the article or web site had stated that they were merely trying to
    remind people of some news that is now nearly 20 months old that would
    have been fine. Unfortunately, neither tried to do that and both seem to
    imply this is something new. 
    
    I don't normally remind people of old issues (that's what the NTBugtraq
    archives are for), but the ZD story sorta compels me to do this. 
    
    Andy Baron first discovered the availability and usability of Null Session
    access when he announced the "RedButton Bug" on NTBugtraq back on April
    18th, 1997!!! See
    <http://ntbugtraq.ntadvice.com/page_archives_wa.asp?A2=ind9704&L=ntbugtraq&F
    =P&S=&P=14066> for that original announcement. There are a lot of messages
    associated with that announcement which you can peruse through the archive
    site <http://ntbugtraq.ntadvice.com/archives>. 
    
    Please note that David LeBlanc made a utility available, through me, to
    stop Andy's demonstration program. It was called everyone2user.exe. This
    program is no longer available, and was not needed after the release of
    SP3 from Microsoft (see KB article above). Please don't ask me or David
    for it!! 
    
    If there's going to be any further discussion about this "New NT Server
    bug", let's make sure you've read through the age old threads on this
    first and have something new to say about it. 
    
    Cheers,
    Russ - NTBugtraq moderator
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:09 PDT